CRYPTOGRAPHIC COMMUNICATION METHOD, FILE 
ACCESS SYSTEM AND RECORDING MEDIUM 



BACKGROUND OF THE INVENTION 
5 1. Field of the Invention 

The present invention relates to a cryptographic 
communication method, a file access system and a recording 
medium. 

Along with the widespread use of personal computers, a 
10 communication using a computer network such as an electronic 
mail has become an essential tool for business. Considering 
that data are not only used in an individual computer but also 
transmitted via a network, the data security should be realized 
totally. 

15 2. Description of the prior art 

Conventionally, a communication method is known well 
in which a key is used for enciphering data to be transmitted for 
data security in the electronic mail, and the same key is used in 
the reception side for decoding received data. 

20 The applicant has proposed a file access system for 

security of files used in a personal computer as disclosed in 
Japanese unexamined patent publication No. 10-301856. 
According to this method, while the key is activated after the 
user is authenticated, any file is automatically enciphered by 

25 entering the file in a designated folder. When reading the file 
in the folder, the file is automatically decoded. A user who has 
the right can read and can edit the enciphered file in the same 
way as a normal file without considering that the file is 
enciphered. 

30 The above-mentioned file access system is an outstanding 
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system for dealing with various contents such as a database or a 
file within a personal computer. 

However, the system is not suitable for transmitting the 
contents to another computer after enciphering them, or for 
5 using enciphered contents that were transmitted from another 
computer after enciphering by a personal key. 

For example, when transmitting enciphered contents as an 
attached file of an electronic mail, the attached file is 
automatically decoded by the read command for making the 
10 attached file. In order to prevent this situation from being 
generated, it is necessary to stop the function of the key in 
advance. However, this operation is so complicated that there 
is a possibility of transmitting the attached file without 
enciphering. 

15 In addition, when transmitting non-enciphered contents 

as an enciphered attached file, the key should be activated for 
the enciphering, and then the function of the key should be 
stopped before making the attached file by the read command. 
This operation is also complicated, and there is a possibility of 

20 transmitting an attached file that is decoded by a misoperation. 

SUMMARY OF THE INVENTION 
The object of the present invention is to provide a 
cryptographic communication method in which the enciphering 
25 operation can be performed easily without a misoperation in the 
case of dealing with mixed data of enciphered data and not 
enciphered data. 

According to a first aspect of the present invention, a 
cryptographic communication method is provided in which a 
30 communication key is used for enciphering data to be 
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transmitted in the transmission side, and a key is used for 
decoding received data in the reception side. In the 
transmission side an individual key that is different from the 
communication key is used for enciphering the data to be 
5 transmitted, the enciphered data are decoded by using the 

individual key first, and then the decoded data are enciphered by 
using the communication key so that the enciphered file can be 
transmitted. 

According to a second aspect of the present invention, in 

10 the cryptographic communication method a file identifier of the 
original data is embedded in a file name, and a new identifier 
indicating that the data are the enciphered data are added to the 
data when enciphering the data by using the communication key. 
According to a third aspect of the present invention, a 

15 cryptographic communication method is provided in which a key 
is used for enciphering data to be transmitted in the transmission 
side, and a communication key is used for decoding received 
data in the reception side. In the reception side the received 
data are decoded by using the communication key, and then the 

20 decoded data are enciphered to be memorized by using an 

individual key that is different from the communication key, and 
the decoded data are erased. 

According to a fourth aspect of the present invention, in 
the cryptographic communication method an authentication is 

25 performed independently for the individual key and the 

communication key so that the enciphering or the decoding can 
be performed by using the individual key and the communication 
key. 

According to a fifth aspect of the present invention, a 
30 cryptographic communication method is provided in which a 
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communication key is used for enciphering data to be 
transmitted in the transmission side, and a communication key is 
used for decoding received data in the reception side. An 
identification code corresponding to the communication key 
5 used for the enciphering is added to the enciphered data when 
enciphering in the transmission side, and in the reception side 
the communication key corresponding to the identification code 
is used for the decoding. 

According to a sixth aspect of the present invention, in the 
10 cryptographic communication method plural communication keys 
are prepared in the transmission side, one of the keys is used for 
enciphering data, and an identification code corresponding to 
the key used for the enciphering is added to the enciphered data. 

According to a seventh aspect of the present invention, in 
15 the cryptographic communication method plural communication 
keys are prepared in the reception side, and one of the 
communication keys that corresponds to the identification code 
is selected to be used. 

According to an eighth aspect of the present invention, a 
20 file access system is provided in which two different keys are 
authenticated individually so that they can be used, and a 
decoding process using one of the keys and an enciphering 
process using the other of the keys are performed continuously 
for one file. 

25 According to a ninth aspect of the present invention, a file 

access system is provided in which two different keys are 
authenticated individually so that they can be used, it is decided 
whether a target file is enciphered, the target file is decoded by 
using one of the keys if the target file is enciphered, the target 

30 file is not processed if the target file is not enciphered, and the 
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other of the keys is used for enciphering the unenciphered file. 

According to a tenth aspect of the present invention, a file 
access system is provided in which two different keys are 
authenticated individually so that they can be used, an 
enciphered file is decoded by using one of the keys, it is decided 
whether a target folder for storing the file is for encipher files, 
the file is enciphered by using the other of the keys and is stored 
if the target folder is for encipher files, and the file is stored 
without any process if the target folder is for encipher files. 

According to an eleventh aspect of the present invention, a 
file access system is provided in which a display including a 
first folder and a second folder is performed, decoding and/or 
enciphering process of a file stored in the first folder when an 
instruction is inputted for moving the file from the first folder to 
the second folder, and the decoded and/or enciphered file is 
stored in the second folder. 

According to a twelfth aspect of the present invention, in 
the file access system it is decided whether the file stored in the 
first folder is enciphered, the file is decoded by using a first key 
if the file is enciphered, the file is not processed if the file is 
not enciphered, and then the unenciphered file is enciphered by 
using a second key. 

According to a thirteenth aspect of the present invention, a 
recording medium is provided on which a program of file access 
is recorded. The program is for a computer to perform the 
process that comprises the steps of authenticating two different 
keys individually so that they can be used, and performing a 
decoding process by using one of the keys and an enciphering 
process by using the other of the keys continuously for one file. 

According to a fourteenth aspect of the present invention, 



an encipher processing device is provided that is used for a 
cryptographic communication in which a communication key is 
used for enciphering data to be transmitted in the transmission 
side, and a key is used for decoding received data in the 
reception side. The encipher processing device comprises the 
communication key, an individual key that is different from the 
communication key, and a process portion for performing a 
decoding process by using the individual key and an enciphering 
process by using the communication key continuously. 

In the present invention, the communication key used in 
the transmission side and the communication key used in the 
reception side can be the same common key or different keys. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Fig. 1 is a block diagram showing an example of a 
communication system 1. 

Fig. 2 is a block diagram showing a structure of the 
enciphering card. 

Figs. 3A and 3B are diagrams showing the states before 
and after the enciphering process using a group key. 

Fig. 4 is a block diagram showing a function of the 
communication terminals when performing the cryptographic 
communication. 

Fig. 5 is a flowchart showing a process of an individual 
security. 

Fig. 6 is a flowchart showing a process of a 
communication security. 

Fig. 7 is a flowchart showing a cryptographic 
transmission process. 

Fig. 8 is a flowchart showing a cryptographic reception 
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process. 

Fig. 9 is a flowchart showing a decoding process by a 
group key. 

Fig. 10 is a diagram showing a display for authentication 
5 of an individual ID. 

Fig. 11 is a diagram showing the state where the 
individual key is activated. 

Fig. 12 is a diagram showing a display of a pull-down 
menu for a cryptographic communication. 
10 Fig. 13 is a diagram showing a display for authentication 

of a group ID . 

Figs. 14A-14C are diagrams showing states for selecting 
a transmission file in the transmission process. 

Fig. 15 is a diagram showing a state of a received file in 
15 the reception operation. 

Fig. 16 is a flowchart of a process for selecting a 
transmission file in another embodiment. 

Fig. 17 is a diagram showing a main displa.y for the file 
selection. 

20 

DESCRIPTION OF THE PREFERRED EMBODIMENTS 
Hereinafter, the present invention will be explained more 
in detail with reference to embodiments and drawings. 

Fig. 1 is a block diagram showing an example of a 
25 communication system 1. Fig. 2 is a block diagram showing a 
structure of the enciphering card SPC. Figs. 3A and 3B are 
diagrams showing the states before and after the enciphering 
process using a group key. 

In Fig. 1, the communication system 1 includes plural 
30 communication terminals 5a, 5b, that are connected to a 
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network NW. The network NW can be a LAN, a WAN, a public 
telephone line, a dedicated line, a wireless line, the Internet or a 
combination network of them. It can be a network NW via 
plural networks. The communication terminals 5a, 5b, can be 
5 personal computers, for example. An example of the structure 
is shown in the figure. Hereinafter, one of the communication 
terminals 5a, 5b, or the whole of them may be referred to as a 
"communication terminal 5." 

The communication terminal 5 includes a processing 

10 device II, a display device 12, drive device 13, input device 14, 
an enciphering card SPC, and other devices. 

The processing device 11 includes a CPU, a ROM, a main 
memory, an external memory device, a communication control 
circuit, a various interface, and other peripheral circuits. The 

15 processing device II performs a process for the cryptographic 
communication according to the present invention working 
together with other devices, especially with the enciphering card 
SPC and other various processes such as a file access process. 
The external memory device memorizes an application program 

20 for the cryptographic communication according to the present 
invention, other programs, various files, tables, databases, and 
other data. 

The display device 12 displays images, characters and 
various displays on its screen HG. 
25 The drive device 13 accesses a recording medium such as a 

CD-ROM (CD), a floppy disk FD, or a magneto-optic disk when 
it is set for reading or writing data or a program. 

The input device 14 is a keyboard, a mouse or other 
pointing device that is used for inputting data or giving 
30 instructions to the processing device 11. 



As shown in Fig. 2, the enciphering card SPC includes an 
enciphering process portion 21, a decoding process portion 22 
and a key portion 23. 

The key portion 32 stores many keys Kl, K2, K3, In 

5 the illustrated example, twelve keys K are shown, but the number 
of keys can be less or more than twelve, e.g., sixteen. Each of 
the keys K corresponds to the identification code. When using 
the enciphering card SPC, an authentication is performed for 
certifying the user at the starting step. At that time, a user ID 

10 or a group ID that corresponds to the identification code is 
inputted, and the key K that is identical to the identification 
code is selected. The user key K that is selected by the ID (an 
individual ID) works as an individual key KP, and the key K that 
is selected by the group ID works as a group key KG. 

15 In this embodiment, at least one common key K should be 

prepared in both the transmission side and the reception side 
when performing the cryptographic communication. 

The enciphering process portion 21 and the decoding 
process portion 22 performs the enciphering process or the 

20 decoding process using the key K selected by the key portion 32. 
Each of the processes is a reversible process. Namely, the 
original state can be obtained by the decoding process after the 
enciphering process or by the processes in the opposite order. 
An example of the processes is explained in the above-mentioned 

25 Japanese unexamined patent publication No. 10-301 856. 

However, when performing the enciphering process or the 
decoding process by the group key KG, a header is added to the 
original data or is removed from the same. 

For example, as shown in Fig. 3A, it is supposed that there 

30 is a file FLl including a header HD, a body BD and a footer FO. 
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The group key KG is used for the enciphering process of this file 
FLl. As shown in Fig. 3B, the entire file FLl is enciphered to 
be a body CBD, and a new header CHD is added to the body CBD 
so as to make a new file FL2. On this occasion, an 
5 identification code (a group ID) that is attribute information 
corresponding to the group key KG is added to the header CHD. 
By performing the decoding process of the file FL2 using the 
group key KG, it goes back to the file FLl. 

The enciphering card SPG is a PC card in this embodiment, 
10 but it can be other form. In addition, though the enciphering 
process and the decoding process are performed by using the 
enciphering card SPC in this embodiment, the same processes 
can be performed by a software without using the enciphering 
card SPC. 

15 Fig. 4 is a block diagram showing a function of the 

communication terminals 5a, 5b when performing the 
cryptographic communication. The communication terminal 5a 
is described as the transmission side, and the communication 
terminal 5b is described as the reception side in Fig. 4. 

20 However, each of the communication terminals 5a and 5b can 
perform either the transmission or the reception. 

In Fig. 4, the communication terminal 5a of the 
transmission side includes an enciphered folder FA, an 
unencrypted folder FH, a transmission and reception folder FT 

25 and an enciphering card SPC. 

When the enciphered folder FA is activated, if a file is 
moved from the other folder to the enciphered folder FA, the file 
is automatically enciphered, so that the enciphered file is stored 
in the enciphered folder FA. When a file (an enciphered file) 

30 stored in the enciphered folder FA is moved to the other folder. 



10 



the file is automatically decoded, so that the decode file (an 
unencrypted file) is stored in the target folder. 

Namely, the enciphering process is performed when a file 
enters the enciphered folder FA, and the decoding process is 
5 performed when a file goes out of the enciphered folder FA. 
Any kind of file to be moved is acceptable. It can be an 
enciphered file or an unencrypted file. If an enciphered file 
enters the enciphered folder FA, it is encipher again, which can 
be returned to the unencrypted file by performing the decoding 

10 process twice. 

An enciphered file stored in the enciphered folder FA is 
automatically decoded when it is read out, and the unencrypted 
file is displayed on the screen HG or printed by a printer. 
Therefore, the user can read and edit an enciphered file in the 

15 enciphered folder FA in the same way as a normal file without 
being conscious that the file is enciphered. 

The individual key KP is used as the key K that is used for 
the enciphering process or the decoding process of the file that 
is inputted in or outputted from the enciphered folder FA. 

20 The unencrypted folder FH is any normal folder that is 

generated under the normal OS or the application. The 
unencrypted folder FH stores an unencrypted file. However, it 
can also store an enciphered file. 

As shown by the broken line in Fig. 4, when moving an 

25 unencrypted file in the unencrypted folder FH into the 
enciphered folder FA, the enciphering process using the 
individual key KP is performed, and the enciphered folder FA 
stores the enciphered file. 

The transmission and reception folder FT is a folder for 

30 storing a file to be transmitted and a received file that are used 
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for the cryptographic communication. The user can select 
which folder provided by the normal OS or the application is 
selected as the transmission and reception folder FT, as being 
explained later. In order to transmit a file stored in the 
5 transmission and reception folder FT, the file is made an 

attached file of an electronic mail, for example. In addition, it 
is set to input a file that is received via an electronic mail into 
this transmission and reception folder FT. 

When moving the enciphered file stored in the enciphered 

10 folder FA to the transmission and reception folder FT, the 
individual key KP is used first for performing the decoding 
process 22, and then the group key KG is used for performing the 
enciphering process 21 of the decoded file. Namely, the 
enciphered file that was enciphered by the individual key KP and 

15 was stored in the enciphered folder FA is enciphered by the 
group key KG, and the enciphered file is stored in the 
transmission and reception folder FT. Though it is not 
illustrated, a temporary folder is provided for the decoding 
process 22 and the enciphering process 21. 

20 In addition, when moving the unencrypted file stored in 

the unencrypted folder FH to the transmission and reception 
folder FT, the group key KG is used for performing the 
enciphering process 21. Namely, the enciphered file that was 
enciphered by the individual key KP and was stored in the 

25 enciphered folder FA is enciphered by the group key KG, and the 
enciphered file is stored in the transmission and reception folder 
FT. 

Thus, even the file that was stored either in the enciphered 
folder FA or the unencrypted folder FH can be enciphered by the 
30 group key KG after passing the enciphering card SPC, and the 
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enciphered file is stored in the transmission and reception folder 
FT. Therefore, either the enciphered file or the unencrypted 
file, when it is made an attached file of an electronic mail, can 
be easily enciphered by the group key KG so as to be an 
5 enciphered file. 

Next, the communication terminal 5b of the reception side 
includes an enciphered folder FA, an unencrypted folder FH, a 
transmission and reception folder FT and an enciphering card 
SPC. 

10 The enciphered folder FA, the unencrypted folder FH, and 

the transmission and reception folder FT are the same as 

explained above. 

It is supposed that a received electronic mail or an 

attached file thereof has entered the transmission and reception 
15 folder FT. Namely, an enciphered file that was enciphered by 

the group key KG enters the transmission and reception folder 

FT. 

When moving the enciphered file stored in the 
transmission and reception folder FT to the enciphered folder FA, 

20 the decoding process 22 is performed first by using the group 

key KG, and then the enciphering process 21 of the decoded file 
is performed by using the individual key KP. Namely, the 
enciphered file that was enciphered by the group key KG and was 
transmitted so as to be stored in the transmission and reception 

25 folder FT is enciphered by the individual key KP, and the 
enciphered file is stored in the enciphered folder FA. 

In addition, when moving the file from the transmission 
and reception folder FT to the unencrypted folder FH, the 
decoding process 22 is performed using a group key KG. 

30 Namely, the enciphered file stored in the transmission and 



13 



reception folder FT is decoded by the group key KG, and the 
unencrypted file is stored in the unencrypted folder FH. 

Thus, the enciphered file that was stored in the 
transmission and reception folder FT is stored in the enciphered 
folder FA as an enciphered file enciphered by the individual key 
KP or is stored in the unencrypted folder FH as an unencrypted 
file when passing the enciphering card SPC. 

In each communication terminal 5, it is necessary to input 
a user ID and a group ID and to select the individual key KP and 
the group key KG for activating them before using the 
enciphering card SPC. 

Next, the process in the communication terminal 5 will be 
explained in detail with reference to the flowchart and the 
screen display. 

Fig. 5 is a flowchart showing a process of an individual 
security. Fig. 6 is a flowchart showing a process of a 
communication security. Fig. 7 is a flowchart showing a 
cryptographic transmission process. Fig. 8 is a flowchart 
showing a cryptographic reception process. Fig. 9 is a 
flowchart showing a decoding process by a group key. Fig. 10 
is a diagram showing a display HGl for authentication of an 
individual ID. Fig. 11 is a diagram showing a display HG2 
when the individual key KP is activated. Fig. 12 is a diagram 
showing a display HG3 of a pull-down menu for a cryptographic 
communication. Fig. 13 is a diagram showing a display HG4 
for authentication of a group ID. Figs. 14A-14C are diagrams 
showing states for selecting a transmission file in the 
transmission process. Fig. 15 is a diagram showing a state of a 
received file in the reception operation. 

The individual security shown in Fig. 5 is a preprocess 
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that is necessary for ensuring the security of a file only by using 
the individual key KP in the communication terminal 5 without 
performing the communication. 

Namely, when starting the application for the 
5 cryptographic communication (or the application for the 

individual security), the display HGl for authentication of an 
individual ID appears first as shown in Fig. 10. Then, an 
individual ID (a user ID) and a password are inputted, and an 
"OK" button is pushed (or is clicked) (Step #11). 
10 In this way, the authentication of an inputted individual ID 

and a password is performed (Step #12). If the authentication 
is OK, the individual key KP corresponding to the individual ID 
becomes valid (Step #13). Therefore, in the same 
communication terminal 5, plural users can ensure each security 
15 by setting an individual ID and a password for each user. 

As shown in Fig. 11, a display HG2 of a key mark appears 
indicating that the individual key KP has become valid (Step 
#14), and the enciphered folder FA becomes activated (Step #15). 

The communication security shown in Fig. 6 is a 
20 preprocess that is necessary for the cryptographic 
communication. 

When clicking the key mark of the display HG2 shown in 
Fig. 11 by using a right button of the mouse, the display HG3 of 
a pull-down menu for the cryptographic communication appears 
25 as shown in Fig. 12. If the "cryptographic communication" is 
clicked, a display HG4 for authentication of a group ID appears 
as shown in Fig. 13. Then, a group ID and a password are 
inputted, and the "OK" button is pushed (Step #21). 

In this way, the authentication of an inputted group ID and 
30 a password is performed (Step #22). If the authentication is 
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OK, the group key KG corresponding to the group ID becomes 
valid (Step #23). At the same time, the next displays HG5-HG8 
appear. 

For the input of a group ID, it is preferable to input a 
group ID corresponding to the transmission destination. 
Namely, plural transmission destinations are designated in 
advance, and different group IDs are assigned to different 
transmission destinations, respectively. It is authorized that 
the same group ID is used in each transmission destination. 
Thus, among two or more communication terminals 5 that are 
designed for the communication, and only among the 
communication terminals 5, the same group ID, i.e., the same 
group key KG is used, so the security can be maintained. 

As shown in Fig. 6, if the transmission is desired (Yes in 
Step #24), the cryptographic transmission process is performed 
(Step #25). If the reception is desired (Yes in Step #26), the 
cryptographic reception process is performed (Step #27). 

As shown in Fig. 7, a file to be transmitted is selected first 
in the cryptographic transmission process (Step #31). 

Namely, in the display HG5 shown in Fig. 14A, an 
operation folder FU is displayed in the left side, while the 
transmission and reception folder FT is displayed in the right 
side. A reference button BT3 or BT4 is displayed above each 
folder, and conversion buttons BTl, BT2 for instructing the 
conversion between the folders are displayed in the middle 
portion. 

If the reference button BT3 is pushed, a list of folders is 
displayed, and a folder to be the operation folder FU is selected 
from the folders. 

If the reference button BT4 is pushed, a list of folders is 
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displayed, and a folder to be the transmission and reception 
folder FT is selected from the folders. 

In the state shown in Fig. 14B, the operation folder FU 
stores two files (unencrypted files) that are "O X.doc" and "A 
5 □ .doc." Then, if the conversion button BTl is pushed, the 
enciphering process of the files is performed as shown in Fig. 
14C. The files are moved from the operation folder FU to the 
transmission and reception folder FT, and the files that were in 
the operation folder FU are erased. 

10 Namely, in Fig. 7, if the file in operation folder FU is an 

enciphered file (Yes in Step #32), the individual key KP is used 
for the decoding (Step #33), and next the group key KG is used 
for the enciphering (Step #34). If the file of the operation 
folder FU is not an enciphered file (No in Step #32), the file is 

15 enciphered by the group key KG (Step #34). 

Upon the enciphering by the group key KG, a file 
identifier (a filename extension) of the original file is embedded 
in the file name, and a new identifier indicating that it is an 
enciphered file is added. In addition, a group ID corresponding 

20 to the group key KG is written in the header as attribute 
information. 

In the example shown in Fig. 14B or 14C, the file name "O 
X .doc" is changed to the file name "O X doc.enc." Namely, the 
file identifier "doc" of the original file is embedded in the file 
25 name to make "O Xdoc," and a new identifier "enc" indicating 
that it is an enciphered file is added. 

It is possible to add a code indicating a group ID to the 
identifier indicating that it is an enciphered file. 

As shown in Fig. 8, a received file is selected first in the 
30 cryptographic reception process (Step #41). 
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Namely, in the display HG8 shown in Fig. 15, if the 
reference button BT4 is pushed, a list of folders is displayed, 
and a folder to be the transmission and reception folder FT is 
selected from the folders. 
5 If the reference button BT3 is pushed, a list of folders is 

displayed, and a folder to be the operation folder FU is selected 
from the folders. 

In the state shown in Fig. 15, the transmission and 
reception folder FT stores two files that are "O Xdoc.enc" and " 

10 AD doc.enc." Then, if the conversion button BT2 is pushed, 
the decoding process of the files is performed. The files are 
moved from the transmission and reception folder FT to the 
operation folder FU, and the files that were in the transmission 
and reception folder FT are erased. 

15 Namely, in Fig. 8, the files in the transmission and 

reception folder FT are decoded by the group key KG (Step #42). 
If the storing destination folder (the operation folder FU) is an 
enciphered folder FA (Yes in Step #43), the file is further 
enciphered by the individual key KP (Step #44), and then the 

20 unencrypted file is erased (Step #45). 

A user can set whether the received file is automatically 
erased after the decode operation. If a file whose identifier is 
not "enc" is tried to enter the transmission and reception folder 
FT shown in Fig. 15, a warning is displayed. 

25 In Fig. 9, a group ID of the header of the file to be decoded 

by the group key KG is extracted in the decoding process (Step 
#51). Then, the extracted group ID is compared with the group 
ID that was inputted in advance for the authentication, and it is 
decided whether the group key KG that is already authenticated 

30 is correct (Step #52). If they are not identical, the group ID is 
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inputted again, for example (Step #53). 

Then, the header is removed (Step #54), the decoding 
process by the group key KG is performed (Step #55), and the 
file name is restored (Step #56). 
5 In the reception side, if there are plural group keys KG 

that can be used, it is possible to select automatically the group 
key KG to be used by the group ID that was extracted from the 
header of the received file. In this way, when plural enciphered 
files are received from plural transmission sides having 
10 different group keys KG, the reception side can select each 
group key KG automatically for decoding. 

Next, another embodiment will be explained in which the 
operation method for the cryptographic communication is 
different. 

15 Fig. 16 is a flowchart process for selecting a transmission 

file in another embodiment. Fig. 17 is a diagram showing a 

main display HG21 for the file selection. 

When starting the application for the cryptographic 

communication in the state where the application for the 
20 individual security has been started, i.e., in the state where the 

authentication of the individual ID has finished, a main display 

HG21 appears first as shown in Fig. 17. 

In the main display HG21, a file selection button BT21, an 

encipherment button BT22, a decoding button BT23, an option 
25 button BT24, a list display column FC, and a progress bar (not 

shown) are displayed. 

If the file selection button BT21 is pushed, a file selection 

display that is a standard of Windows appears, and a file to be 

enciphered or decode is selected. The selected file name is 
30 displayed in the list display column FC (Step #101). 
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If the encipherment button BT22 is pushed, a display HG4 
for authentication of a group ID appears as shown in Fig. 13. 
Then, a group ID and a password are inputted, and the "OK" 
button is pushed (Step #102). An authentication of the inputted 
5 group ID and password is performed (Step #103). If the 

authentication is OK, the group key KG corresponding to the 
group ID becomes valid (Step #104). 

In the same time, a display for selecting a storing 
destination of the enciphered file appears, and an appropriate 

10 destination is designated (Step #105). If the file is an 

enciphered file (Yes in Step #106), the file is decoded by the 
individual key KP (Step #107), and then it is enciphered by the 
group key KG (Step #108). If the file is not an enciphered file, 
it is enciphered by the group key KG (Step #108). 

15 According to the communication system 1 explained above, 

even if an enciphered file and an unenciphered file are mixed, 
the cryptographic communication can be performed by an easy 
operation without a misoperation. 

In the above-mentioned embodiment, various types of 

20 personal computers or information terminals including a palmtop 
type, a note type, a laptop type and a desktop type can be used as 
the communication terminal 5. 

In the above-mentioned embodiment, at least one common 
group key KG is prepared in both the transmission side and the 

25 reception side. This is a so-called common key cryptographic 
format. However, different keys can be used in the 
transmission side and the reception side without preparing a 
common key K for the enciphering and decoding. In addition, 
if a public-key cryptographic format is adopted, for example, the 

30 key for the enciphering is made available in public, and the key 
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for the decoding is kept in secret. Furthermore, an entire 
structure of the communication system 1 or a part structure 
thereof, contents of the process, the order of the process, and a 
structure of the display can be changed in accordance with the 
5 present invention. 

According to the present invention, even if enciphered 
files and unenciphered files are mixed, the cryptographic 
communication can be performed by an easy operation without a 
misoperation. 

10 While the presently preferred embodiments of the present 

invention have been shown and described, it will be understood 
that the present invention is not limited thereto, and that various 
changes and modifications may be made by those skilled in the 
art without departing from the scope of the invention as set forth 

15 in the appended claims. 
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